<%-- 
    Document   : newUser
    Created on : May 4, 2013, 3:08:41 PM
    Author     : phdinusa
--%>

<%@page import="db.DB"%>
<%@page import="db.UserDAO"%>
<%@page import="java.sql.Connection"%>
<%@page import="java.sql.PreparedStatement"%>
<%@page import="java.sql.ResultSet"%>
<%@page import="java.sql.SQLException"%>
<%@page import="java.sql.Statement"%>

<!--
    name="j_idt12:firstname" first name
    name="j_idt12:lastname" last name
    name="j_idt12:j_idt16"   email
    name="j_idt12:j_idt18" password
    name="j_idt12:j_idt19" password again
    name="credit_card" credit card number
-->

<!DOCTYPE html>
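<%
    /*
     * Registration handler behind register.jsp.
     *
     * Reads the posted form fields (the generated field names are listed in the
     * comment above), checks the password pair and the e-mail, rejects an
     * address that is already in Users, otherwise inserts the new row, logs the
     * user in and redirects to index.jsp. Every failure path redirects back to
     * register.jsp with an error code; this page renders nothing of its own.
     */

    // A visitor who is already logged in cannot register: clear the session user
    // and send them home.
    if (session.getAttribute("user") != null) {
        session.setAttribute("user", null);
        response.sendRedirect("index.jsp");
        return;
    }

    // All of these are untrusted client input and are null when a field is missing.
    String firstName = request.getParameter("j_idt12:firstname");
    String lastName = request.getParameter("j_idt12:lastname");
    String email = request.getParameter("j_idt12:j_idt16");
    String pass = request.getParameter("j_idt12:j_idt18");
    String pass2 = request.getParameter("j_idt12:j_idt19");
    String credit = request.getParameter("credit_card");

    // Password rule: both entries present, identical, 8..14 characters.
    // The null check turns a missing field into an "error=password" redirect
    // instead of a NullPointerException.
    boolean samePass = pass != null
            && pass.equals(pass2)
            && pass.length() >= 8
            && pass.length() <= 14;
    // E-mail rule: present and contains an '@' (the only format check this page makes).
    boolean correctEmail = email != null && email.contains("@");

    if (!samePass) {
        // Back to the form to re-enter the password.
        response.sendRedirect("register.jsp?error=password");
        return;
    }
    if (!correctEmail) {
        // Back to the form to re-enter the e-mail address.
        response.sendRedirect("register.jsp?error=email");
        return;
    }

    DB data = new DB();
    Connection conn = null;
    PreparedStatement find = null;
    PreparedStatement insert = null;
    ResultSet rs = null;
    try {
        conn = data.getConnection();

        // Parameterised lookup: the e-mail comes straight from the request and
        // must never be spliced into the SQL text.
        find = conn.prepareStatement("SELECT Email FROM Users WHERE Email=?");
        find.setString(1, email);
        rs = find.executeQuery();
        if (rs.next()) {
            // The address is already registered; send the visitor back to the form.
            response.sendRedirect("register.jsp?error=true");
            return;
        }

        // SECURITY: Password and CreditCardNumber are written in clear text here,
        // matching what UserDAO.loginUser(email, pass) compares against. Hashing
        // the password (and not persisting the card number at all) needs a
        // matching change in UserDAO and the schema, so it is flagged rather than
        // changed on this page.
        insert = conn.prepareStatement(
                "INSERT INTO Users (Email, LastName, FirstName, Password, Authority, CreditCardNumber, StartDate)"
                + " VALUES (?, ?, ?, ?, 0, ?, CURDATE())");
        insert.setString(1, email);
        insert.setString(2, lastName);
        insert.setString(3, firstName);
        insert.setString(4, pass);
        insert.setString(5, credit);
        insert.executeUpdate();

        // Log the new account in. If loginUser yields null the session attribute
        // stays unset and index.jsp sees an anonymous visitor (the original
        // page noted this as "not working"; the cause would be inside UserDAO).
        UserDAO user = UserDAO.loginUser(email, pass);
        session.setAttribute("user", user);
        response.sendRedirect("index.jsp");
    } catch (Exception e) {
        // Do not swallow the failure: record it through the container log (never
        // the password or card number) and, if no redirect has gone out yet,
        // send the visitor back with a generic error instead of a blank page.
        application.log("newUser.jsp: registration failed for " + email, e);
        if (!response.isCommitted()) {
            response.sendRedirect("register.jsp?error=true");
        }
    } finally {
        // Close in reverse order of acquisition; each close is best-effort so a
        // failing close does not leak the remaining handles.
        if (rs != null) {
            try { rs.close(); } catch (SQLException ignored) { }
        }
        if (insert != null) {
            try { insert.close(); } catch (SQLException ignored) { }
        }
        if (find != null) {
            try { find.close(); } catch (SQLException ignored) { }
        }
        if (conn != null) {
            try { conn.close(); } catch (SQLException ignored) { }
        }
    }
%>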
